Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Whisk (SSLE) with Curdleproofs - rebased #3342

Merged
merged 34 commits into from
Jun 8, 2023

Conversation

dapplion
Copy link
Collaborator

Preserved original commits for context and history, since they contain relevant remarks and design decisions.

In detail the branch dapplion:consensus-specs:whisk-curdleproofs process is:

git checkout nalinbhardwaj:whisk-curdleproofs
git rebase ethereum:dev

Resolve conflicts manually, dropping all changes on these files

  • configs/mainnet.yaml
  • configs/minimal.yaml
  • tests/core/pyspec/eth2spec/merge/__init__.py
  • tests/core/pyspec/eth2spec/merge/mainnet.py
  • tests/core/pyspec/eth2spec/merge/minimal.py
  • tests/core/pyspec/eth2spec/test/altair/unittests/test_config_override.py
  • tests/core/pyspec/eth2spec/test/context.py
  • tests/core/pyspec/eth2spec/test/helpers/constants.py
  • tests/core/pyspec/eth2spec/test/helpers/genesis.py
  • tests/core/pyspec/eth2spec/test/whisk/__init__.py
  • tests/core/pyspec/eth2spec/test/whisk/unittests/__init__.py

Two final commits to move whisk spec to _features and remove dummy test.

Next steps

@hwwhww should I also drop changes to setup.py? We can merge the spec not executable first, and make executable latter. In parallel propose improvements to nalinbhardwaj:whisk-curdleproofs and add spec tests

@dapplion dapplion changed the title Whisk curdleproofs Whisk (SSLE) with Curdleproofs - rebased Apr 30, 2023
Copy link
Contributor

@hwwhww hwwhww left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @dapplion!

should I also drop changes to setup.py? We can merge the spec not executable first, and make executable latter. In parallel propose improvements to nalinbhardwaj:whisk-curdleproofs and add spec tests

I think given the complexity of this feature, it's good to have some basic reviews now since we can only review it line by line in this PR.

Therefore, I pushed some fixes based on the linter errors. The only remaining linter error is "undefined name 'WhiskTrackerProof'".

I think for this PR, the goals can be set to (i) make linter pass and (ii) review the whisk logic. 👍 on adding tests in later PRs.

specs/_features/whisk/beacon-chain.md Show resolved Hide resolved
@hwwhww
Copy link
Contributor

hwwhww commented May 1, 2023

curdleproofs package requires Python version >=Python3.9. IMO we can merge #2964 first.

@asn-d6
Copy link
Contributor

asn-d6 commented May 2, 2023

Thanks @dapplion!

should I also drop changes to setup.py? We can merge the spec not executable first, and make executable latter. In parallel propose improvements to nalinbhardwaj:whisk-curdleproofs and add spec tests

I think given the complexity of this feature, it's good to have some basic reviews now since we can only review it line by line in this PR.

Therefore, I pushed some fixes based on the linter errors. The only remaining linter error is "undefined name 'WhiskTrackerProof'".

I think for this PR, the goals can be set to (i) make linter pass and (ii) review the whisk logic. +1 on adding tests in later PRs.

ACK. Makes sense. Will do a review here either this or next week.

@asn-d6
Copy link
Contributor

asn-d6 commented May 3, 2023

curdleproofs package requires Python version >=Python3.9. IMO we can merge #2964 first.

This is now merged. I guess if we rebase this on top, the tests will not fail anymore?

asn-d6 and others added 24 commits May 5, 2023 10:23
@asn-d6: As discussed, I fixed a few bugs along the way but likely also introduced some bugs :)
This PR changes the Whisk tracker format to be of the form `(r * pubkey, r * BLS_GT_GENERATOR)` instead of `(r * k * BLS_G1_GENERATOR, r * BLS_G1_GENERATOR)`. This allows for non-interactive tracker registrations from validator pubkeys, removing ~50 lines the code. It also significantly reduces the amount of state overhead. This PR also removes permutation commitments, though those can be easily readded if deemed necessary.
@asn-d6: Readded a consistency check for `IsValidWhiskOpeningProof` (involving `pubkey` instead of `k_commitment`).
This needs its own ethresearch post, and some additional analysis to see if we can do the shuffle ZKP in the allowed
timeframe.

This reverts commit 8517aca.
Ditch the Feistel logic and instead have each shuffler pick the row they shuffle using their RANDAO reveal.
This commit further simplifies 0faef30 by removing the entire squareshuffle.

The latest version of https://eprint.iacr.org/2022/560 proposes that each shuffler picks random indices from the entire
candidate set instead of organizing validators into a square.
@dapplion dapplion force-pushed the whisk-curdleproofs branch from 9e68294 to 670845b Compare May 5, 2023 01:24
@dapplion
Copy link
Collaborator Author

dapplion commented May 5, 2023

Lint should pass now, recent changes:

  • Declared custom types WhiskShuffleProof WhiskTrackerProof d721e3a
  • Ignore pylint rules for unimplemented crypto 7d509c1
  • Fix types multiple functions f11e9df
  • Implement initial k generation for fork.md f11e9df

@dapplion dapplion force-pushed the whisk-curdleproofs branch from 2ef68e2 to e9445bb Compare May 10, 2023 11:07
Copy link
Contributor

@asn-d6 asn-d6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @dapplion . LGTM!

Copy link
Contributor

@hwwhww hwwhww left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor suggestions.

It's good to merge this alpha version. Thank you @dapplion!

specs/_features/whisk/beacon-chain.md Outdated Show resolved Hide resolved
Comment on lines +353 to +354
def is_k_commitment_unique(state: BeaconState, k_commitment: BLSG1Point) -> bool:
return all([validator.whisk_k_commitment != k_commitment for validator in state.validators])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function looks scary.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

scary due to its syntax, efficiency or else? If the former should I use a for loop?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Let's use a for loop?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the confusion. I was scared by the efficiency. IIUC Python all() is like for loop implementation, it returns False immediately once it finds validator.whisk_k_commitment == k_commitment. But it scares me as it is used in the while True of get_unique_whisk_k.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding efficiency: Yes on a deposit this requires a full loop over the validator list. But a naive implementation of the beacon chain already requires that to check if the pubkey of a deposit has been seen before or not. This addition will require clients to mantain cached set of k_commitment to avoid that loop if they choose. AFAIK spec should not be concerned with computational efficiency but correctness, and the current whisk spec new k_commitment to be unique.

Regarding syntax: the all syntax is pretty readable, I can switch to a for loop, but the current implementation is simpler IMO

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, the efficiency hit here can be salvaged using a hash map of all k_commitments. When writing the spec here with @JustinDrake, we tried to focus on correctness/readability over optimizations, hence the loop here.

specs/_features/whisk/beacon-chain.md Outdated Show resolved Hide resolved
specs/_features/whisk/beacon-chain.md Outdated Show resolved Hide resolved
specs/_features/whisk/beacon-chain.md Outdated Show resolved Hide resolved
@dapplion dapplion force-pushed the whisk-curdleproofs branch from 1ea91d4 to 45fce04 Compare May 18, 2023 16:33
@hwwhww hwwhww merged commit 241e52a into ethereum:dev Jun 8, 2023
@hwwhww hwwhww added the general:enhancement New feature or request label Jun 8, 2023
dapplion added a commit to dapplion/consensus-specs that referenced this pull request Jun 9, 2023
* Introduce consensus code for Whisk

* polish, simplify, clean up (~100 fewer lines)

@asn-d6: As discussed, I fixed a few bugs along the way but likely also introduced some bugs :)

* minor cleanups and fixes

* simplify is_k_commitment_unique

* Update beacon-chain.md

* Update beacon-chain.md

* Initialize `k` in `get_validator_from_deposit()`

* minor cleanups

* Update beacon-chain.md

* Create beacon-chain.md

This PR changes the Whisk tracker format to be of the form `(r * pubkey, r * BLS_GT_GENERATOR)` instead of `(r * k * BLS_G1_GENERATOR, r * BLS_G1_GENERATOR)`. This allows for non-interactive tracker registrations from validator pubkeys, removing ~50 lines the code. It also significantly reduces the amount of state overhead. This PR also removes permutation commitments, though those can be easily readded if deemed necessary.

* A couple of fixes to the no-registration simplification

@asn-d6: Readded a consistency check for `IsValidWhiskOpeningProof` (involving `pubkey` instead of `k_commitment`).

* remove unused helpers

* use Mary's suggested tracker

* Update beacon-chain.md

* Revert G_t element optimization

This needs its own ethresearch post, and some additional analysis to see if we can do the shuffle ZKP in the allowed
timeframe.

This reverts commit 8517aca.

* Implement new shuffling strategy

Ditch the Feistel logic and instead have each shuffler pick the row they shuffle using their RANDAO reveal.

* Curdleproofs edits

* working whisk eth2spec

* working whisk dummy test

* add more boilerplate set up code

* rebase constants

* Implement even newer and simplified shuffling strategy

This commit further simplifies 0faef30 by removing the entire squareshuffle.

The latest version of https://eprint.iacr.org/2022/560 proposes that each shuffler picks random indices from the entire
candidate set instead of organizing validators into a square.

* Move to _features

* remove dummy test

* Run doctoc

* Change Whisk's previous fork to Capella instead of Bellatrix. Make linter happier.

* Fix lint

* Fix pylint

* Fix mypy issues

* Clean-up get_beacon_proposer_index

* Fix doc headers

* Fix capella link

* Update apply_deposit

* Rename process_shuffled_trackers

---------

Co-authored-by: George Kadianakis <desnacked@riseup.net>
Co-authored-by: Justin <drakefjustin@gmail.com>
Co-authored-by: Nalin Bhardwaj <nalinbhardwaj@nibnalin.me>
Co-authored-by: Hsiao-Wei Wang <hsiaowei.eth@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
general:enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants